|
|
"Brenton D. Rothchild" <brothchild@xxxxxxxxxxxx> said: > Hi all, > > A bit off topic, but has anyone had any experience with OpenVPN using > hardware > accelerator cards supported by OpenSSL? > > We're looking at trying to raise the number of simultaneous tunnels that a > box can support > by using some of the various PCI cards available and supported by OpenSSL > (or > vendor patched OpenSSL). A lot of the cards available talk about > connections per second > for SSL applications but we want to increase the throughput of established > tunnels. > > I have no idea if any of these would actually work, but it would be great if > it did :) > > We'd like to use a 3DES+SHA1 for the tunnel cipher; AES cards seem too > expensive for > our needs. Currently, we've been looking at the Cavium NITROX boards (which > use > Cavium's "modified OpenSSL") - it seems to have a high throughput for > 3DES+SHA1, but > I have no idea if that's properly utilized with OpenSSL/OpenVPN. > > If anyone has used any of these cards with OpenVPN, I'd love to hear about > your > experiences and/or recommendations. I would be curious as well to know whether this works, and how much of performance gain you get. In order for the hardware accelerated version of OpenSSL to work properly with OpenVPN, it would need to support acceleration in both the SSL/TLS and EVP APIs. I would also be interested to know how offloading the crypto to hardware affects overall scalability of OpenVPN, and how the performance/price works out compared to just adding more computers or processors. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |